1998-02-09 - Re: Soft Tempest

Header Data

From: Ryan Lackey <rdl@mit.edu>
To: Tim May <tcmay@got.net>
Message Hash: 805eb9e631468c839889888a6f4935c3d517d0e74731b9a872b6c2f0a6e45bbe
Message ID: <199802090715.CAA24788@the-great-machine.mit.edu>
Reply To: <v03102800b1044ad31629@[207.167.93.63]>
UTC Datetime: 1998-02-09 07:22:52 UTC
Raw Date: Mon, 9 Feb 1998 15:22:52 +0800

Raw message

From: Ryan Lackey <rdl@mit.edu>
Date: Mon, 9 Feb 1998 15:22:52 +0800
To: Tim May <tcmay@got.net>
Subject: Re: Soft Tempest
In-Reply-To: <v03102800b1044ad31629@[207.167.93.63]>
Message-ID: <199802090715.CAA24788@the-great-machine.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Tim May wrote:
> At 9:19 PM -0800 2/8/98, Ryan Lackey wrote:
> 
> >I'm a bit busy until at least after FC '98, or I'd do it myself.  One
> >of my goals is to keep my laptop as secure as possible, and that's
> >an application where TEMPEST shielding is rather prohibitive.
> 
> Really? You think so? You think TEMPEST treatment of laptops is more
> expensive than of normal machines?

I think it is more difficult to have a lightweight, portable, non-maintenance
intensive solution for tempest protecting a portable than for a big
desktop box.

A desktop box doesn't care how much it weighs.  It can even be put inside
a TEMPEST rack (I saw someone selling these at a convention once; I wanted
one, but didn't have any way to to ship it back to Boston.  Sigh), or just
TEMPEST protect the entire room.

One of the problems with TEMPEST protection is that the gaskets/etc. get
worn.  Or some stupid fsck paints the exposed copper in the doorway.  Or
whatever.  I don't think requiring that the thing be portable, lightweight,
etc. is going to make it any less likely to be damaged.  If the TEMPEST
protection is damaged, it's not as if a warning LED will come on -- TEMPEST
monitoring equipment is *way* too heavy to build into a laptop, so it will
fail silently.

> The physics suggests just the opposite: the RF emissions from laptops are
> expected to be lower from first principles, and, I have heard, are
> measurably much lower. (I say "have heard" because I don't have any access
> to RF measurement equipment...I once spent many hours a day working inside
> a Faraday cage, but that was many years ago.)

Certainly the traces are shorter, there are no big antennas (read: cables)
connecting parts, etc.  The power levels are power.  There aren't any
power cords if you're on battery.

However, a lot of them have plastic cases and generally piss-poor shielding
of any kind, too.
> 
> The first principles part is that the deflection yokes in a CRT are the
> largest radiated component of what got named "van Eck radiation." (I'd just
> call it RF, but whatever.)
> 
> Laptops are missing this component. (It might be interesting to see the
> radiated RF numbers for various kinds of flat panel displays.)

According to the Anderson paper, certain kinds of LCD-TFT have *easier to 
monitor* emissions than monitors.  I have no idea which is the case, but
I'm willing to err on the side of paranoia.  I should scrounge up some 
TEMPEST monitoring equipment around MIT somewhere and test it, though.
> 
> The emission from the keyboard would have to be looked at, of course.

It's an integrated component, no keyboard wire, so it's much less likely
to lose.
> 
> Also, laptops, being so small, are easy to shield with mesh bags. An
> inelegant approach would be to bend copper sheeting to form an enclosure. A
> more elegant approach might be to take one of the tight-fitting laptop
> cases (like the Silicon Sports "Wetsuit") and use it as a pattern for a
> case made of conductive mesh fabric...or even something like aluminum
> screen. Several layers would be even better.

You need to worry about the mesh bag corrding/breaking/etc.  But yeah, this
is a decent technique.  I wonder how small the mesh has to be to attenuate
30-40db of signal in the relevant frequencies, and if that makes it hard to
see/type through.  I should figure out what frequencies are involved.
> 
> But before going this route, I'd want to see some measurements. Laptops
> might already be "quiet enough." (Measurements are needed to determine the
> effectiveness of any proposed RF shielding anyway, so....)

The paper pretty clearly says laptop LCDs are not sufficiently quiet.  Until
I read this, I was under the impression they were; perhaps passive matrix
screens are and active are not. (actually, I can totally understand that
wrt the pulse modulation not present in modern crts)
> 
> Finally, for a number of years there have been proposals for viewing
> screens built into glasses or goggles. "Crystal Eyes" was one of them.
> Another was a replacement for standard EGA screens (this was 4-6 years
> ago). These were being announced during the period when virtual reality
> (VR) was expected to dominate...that hasn't happened, yet.
> 
> With some of these glasses, gargoyle-style, one could completely encase the
> laptop in a shielded case (like a Zero Haliburton) and then use a palm
> keypad...

I used to work in the MIT Media Lab's wearables project -- we used
this kind of approach.  Something called a "twiddler" chording keyboard 
(unshielded; my advisor fled the country before I could get a shielded one
set up), attached to a "private eye" monocular display; some odd resolution,
again unshielded.  Attached to a standard portable PC, a belt mounted
PC, or whatever.

I was going to put together a TEMPEST resistant wearable at some point.  In
addition, a mesh cloak; we'd been doing some privacy stuff, and discovered
that there were penetrating cameras in use by some surveilance companies/etc.
for anti-shoplifting/etc. -- it would be nice to shield against them.  It
never happened, oh well.

I had a real bitch of a time finding open source TEMPEST information, which
is part of why the idea was back-burnered.  I think there is a concerted
effort on the part of the government to prevent open source discussion of
the topic, through manipulation of research money, etc.  Most of my 
information was general purpose EE stuff and some EMP-shielding information,
so perhaps I'm inclined to overkill (when dealing with EMP, you have to worry
about 3 second duration *changes* in the field, so your faraday cage needs to
be of uniform materials, joints need to be the same as the material, etc.  
In the absence of material to suggest otherwise, I think the same criteria
apply to serious TEMPEST shielding, in the 85db+ range.  There is some 
speculation that the SECRET TEMPEST specs are not sufficient to resist
some modern SIGINT technology, and that there exist unknown standards for
real protection for some applications.  Perhaps this is unjustified paranoia).
> 
> Speaking of this sort of approach, a lower-tech version might be to use a
> palmtop, like the HP 95LX, as a remote terminal to a machine completely
> shielded. (The laptop could be in a shielded enclosure, or backpack, with
> the 95LX snaked to it with cables.) Given the battery operation, the long
> battery life (which says radiated RF is likely to be under control), the
> LCD display, etc., this should be pretty good against eavesdroppers.

Even a passive component has a resonant frequency; if you're attacking, you
may know it and can take advantage of this (hinted at in the paper).  I
don't think the palmtop being low power necessarily makes it immune, although
I'd bet it's a bit better off than a laptop.
> 
> I haven't yet looked at the Ross Anderson paper, but some things bother me
> about it. It seems unlikely that a "TEMPEST font" will affect keyboard and
> main CPU board noise. Also, in a multiple window environment, with several
> active windows, and with the target window being of varying sizes, I'm not
> quite sure I buy the idea that a remote sensing of the content of one
> window is very easy to pull off.
> 
> But I'll take a look at what Ross has to say.
> 
> --Tim May

I think the real solution is just what Ross said -- software + hardware.
With the right font and X server frobbery, you can get *better* net
image/text quality with TEMPEST protection and anti-aliasing than with neither.
And it's a great safety net in case your hardware protection is compromised.

Once the current project which by now is becoming rather tired of being
brought up in passing rather than in a real comprehensive form is on its
way, I'm going to look at the TEMPEST wearable, maybe with a verified
cryptographic hardware implementation for the important stuff.

An interim solution of a nice greyscale antialiased font in a java window
serving as a console, even if only for things like the pgp xterm, would
be a nice interim solution.  Especially since it should only take a few
hours to do, if someone has some font manipulation tools.

I was originally thinking of modifying the text mode console drivers, but
they use DOS text mode, which can't deal with greyscale.  The solution
is to use SVGAlib, GGI, or an X application.  A really cool solution
would be to make the X server itself do this to everything on the screen.
XFree86 is way too nasty a codebase for me to modify in my spare time, though.
I think Linux-GGI is the proper way to do it.
> 
> 
> 
> 
> 
> Just Say No to "Big Brother Inside"
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^3,021,377   | black markets, collapse of governments.
> 
> 
> 

-- 
Ryan Lackey
rdl@mit.edu
http://mit.edu/rdl/		







Thread